Foreman@1.6.0 Security Vulnerabilities and Issues — Foreman@1.6.0 CVE List

Lucene search

TheforemanForeman1.6.0

3 matches found

CVE•added 2015/03/09 2:59 p.m.•57 views

CVE-2014-3691

Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.

7.5CVSS7.6AI score0.00351EPSS

CVE•added 2017/07/17 1:18 p.m.•44 views

CVE-2015-5152

Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.

8.1CVSS7.8AI score0.00241EPSS

CVE•added 2017/05/26 4:29 p.m.•42 views

CVE-2017-7505

Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global ...

8.8CVSS8.6AI score0.00308EPSS